Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/afa1ee-8d80-4d5a-a739-c612a70abb42/1/2NktiKibbqlkp_IPB-Q4_RES45Q.roa
File:                     2NktiKibbqlkp_IPB-Q4_RES45Q.roa (raw, json)
Hash identifier:          nHUNxsYMB1Ljqi8eAkz9VxR3WY53Q0eItn+Ma07hD1o=
Subject key identifier:   D8:D9:2D:88:A8:9B:6E:A9:64:A7:F2:0F:07:E4:38:FD:11:12:E3:94
Certificate issuer:       /CN=578041152df80f6e531342663dd003109905084f
Certificate serial:       018CC26D04B1E671D64B2096F40926E7D102
Authority key identifier: 57:80:41:15:2D:F8:0F:6E:53:13:42:66:3D:D0:03:10:99:05:08:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V4BBFS34D25TE0JmPdADEJkFCE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/afa1ee-8d80-4d5a-a739-c612a70abb42/1/2NktiKibbqlkp_IPB-Q4_RES45Q.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202182
IP address blocks:        45.153.90.0/24 maxlen: 24
                          2a13:9c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/afa1ee-8d80-4d5a-a739-c612a70abb42/1/V4BBFS34D25TE0JmPdADEJkFCE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/afa1ee-8d80-4d5a-a739-c612a70abb42/1/V4BBFS34D25TE0JmPdADEJkFCE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V4BBFS34D25TE0JmPdADEJkFCE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:04:b1:e6:71:d6:4b:20:96:f4:09:26:e7:d1:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=578041152df80f6e531342663dd003109905084f
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8d92d88a89b6ea964a7f20f07e438fd1112e394
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f5:77:c0:ab:73:ea:67:49:7e:40:b6:aa:06:
                    c6:5f:c5:80:d6:ff:4b:0b:49:a8:53:78:2b:05:43:
                    11:9e:de:80:b3:c4:85:3d:ff:a3:97:05:eb:86:da:
                    0c:f0:44:ba:a3:91:9e:55:26:15:10:68:38:0a:09:
                    b8:ed:a2:76:47:cb:ad:6e:c4:cd:37:33:85:d0:7e:
                    35:3d:0d:31:09:0b:5a:94:93:14:6c:5c:ca:49:18:
                    d0:9f:e4:20:53:7c:f6:d7:61:4a:d5:2d:68:1b:ae:
                    47:46:35:1f:f5:f1:66:10:f3:7e:84:ac:00:74:45:
                    5a:b9:3f:bd:cb:8f:c0:00:1a:b4:15:08:07:5b:98:
                    ac:2e:8a:c2:d0:30:be:3e:8a:f3:32:ca:61:c2:c5:
                    6b:d6:88:a5:c7:cb:32:58:4b:16:2d:76:90:a9:5c:
                    f1:65:ad:5e:d5:5b:d6:53:80:37:77:64:57:16:e4:
                    ca:c2:ec:f0:00:2c:0a:0f:8d:4d:79:ed:79:f6:e6:
                    9d:9b:2c:b6:40:66:13:0f:64:6e:2f:86:ca:5c:b9:
                    28:c3:3c:f6:e3:65:18:01:e2:a1:98:e6:90:31:78:
                    cb:a8:7e:2c:35:b8:90:21:ba:1d:25:d5:d0:69:7b:
                    25:4f:03:5b:cc:ca:8c:19:0d:0b:45:ac:ab:fd:57:
                    96:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:D9:2D:88:A8:9B:6E:A9:64:A7:F2:0F:07:E4:38:FD:11:12:E3:94
            X509v3 Authority Key Identifier:
                keyid:57:80:41:15:2D:F8:0F:6E:53:13:42:66:3D:D0:03:10:99:05:08:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V4BBFS34D25TE0JmPdADEJkFCE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/afa1ee-8d80-4d5a-a739-c612a70abb42/1/2NktiKibbqlkp_IPB-Q4_RES45Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/afa1ee-8d80-4d5a-a739-c612a70abb42/1/V4BBFS34D25TE0JmPdADEJkFCE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.90.0/24
                IPv6:
                  2a13:9c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:27:16:5a:d9:df:36:e4:cf:fb:84:2d:b8:c2:b0:e4:de:7c:
         5e:f2:49:c6:70:03:f7:cf:f9:56:27:61:e6:2a:1a:6c:e2:f5:
         c9:73:a9:00:ca:05:01:1f:df:bf:16:1f:95:c7:76:85:d1:6e:
         e1:b9:40:2c:12:ae:87:59:e8:31:48:13:94:a3:78:be:d6:b7:
         c6:e0:39:b3:a3:d4:05:d2:27:69:cf:49:69:4a:34:c5:98:48:
         c8:56:bb:38:a5:67:50:fe:17:ef:6a:04:ee:9d:e4:7a:3f:7a:
         3d:56:bc:ab:28:17:91:f4:e4:2e:2d:2c:68:25:27:16:80:4f:
         61:e0:5f:ce:6a:4c:d6:42:06:d5:2a:13:82:da:37:c5:be:a0:
         ff:be:32:70:f8:69:f7:79:fc:57:4c:93:04:78:ca:90:0d:e5:
         7c:7f:5a:80:dc:bc:0d:84:c9:e2:66:b0:bd:32:1e:90:e9:e0:
         a7:c1:69:da:84:1b:0f:8e:45:68:dc:2e:0f:d1:48:32:ca:75:
         1b:3d:0c:60:b0:76:0d:fc:e9:18:b4:b1:c1:6c:a1:b2:b4:14:
         05:c2:9d:58:78:1d:54:33:87:21:ee:5e:25:56:9a:bb:42:84:
         80:dc:6a:81:0e:34:d7:1b:34:ab:3c:75:f0:f5:1c:67:e2:e2:
         8b:49:bd:b4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbQSx5nHWSyCW9Akm59ECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ODA0MTE1MmRmODBmNmU1MzEzNDI2NjNkZDAwMzEwOTkw
NTA4NGYwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGQ5MmQ4OGE4OWI2ZWE5NjRhN2YyMGYwN2U0MzhmZDExMTJlMzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPV3wKtz6mdJfkC2qgbGX8WA1v9L
C0moU3grBUMRnt6As8SFPf+jlwXrhtoM8ES6o5GeVSYVEGg4Cgm47aJ2R8utbsTN
NzOF0H41PQ0xCQtalJMUbFzKSRjQn+QgU3z212FK1S1oG65HRjUf9fFmEPN+hKwA
dEVauT+9y4/AABq0FQgHW5isLorC0DC+PorzMsphwsVr1oilx8syWEsWLXaQqVzx
Za1e1VvWU4A3d2RXFuTKwuzwACwKD41Nee159uadmyy2QGYTD2RuL4bKXLkowzz2
42UYAeKhmOaQMXjLqH4sNbiQIbodJdXQaXslTwNbzMqMGQ0LRayr/VeWawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNjZLYiom26pZKfyDwfkOP0REuOUMB8GA1UdIwQY
MBaAFFeAQRUt+A9uUxNCZj3QAxCZBQhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjRCQkZTMzREMjVURTBKbVBkQURFSmtGQ0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hZmExZWUtOGQ4MC00ZDVhLWE3Mzkt
YzYxMmE3MGFiYjQyLzEvMk5rdGlLaWJicWxrcF9JUEItUTRfUkVTNDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hZmExZWUtOGQ4MC00ZDVhLWE3MzktYzYxMmE3MGFiYjQy
LzEvVjRCQkZTMzREMjVURTBKbVBkQURFSmtGQ0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZlaMA8E
AgACMAkDBwAqEwnAAAAwDQYJKoZIhvcNAQELBQADggEBAKYnFlrZ3zbkz/uELbjC
sOTefF7yScZwA/fP+VYnYeYqGmzi9clzqQDKBQEf378WH5XHdoXRbuG5QCwSrodZ
6DFIE5SjeL7Wt8bgObOj1AXSJ2nPSWlKNMWYSMhWuzilZ1D+F+9qBO6d5Ho/ej1W
vKsoF5H05C4tLGglJxaAT2HgX85qTNZCBtUqE4LaN8W+oP++MnD4afd5/FdMkwR4
ypAN5Xx/WoDcvA2EyeJmsL0yHpDp4KfBadqEGw+ORWjcLg/RSDLKdRs9DGCwdg38
6Ri0scFsobK0FAXCnVh4HVQzhyHuXiVWmrtChIDcaoEONNcbNKs8dfD1HGfi4otJ
vbQ=
-----END CERTIFICATE-----